Sign up for our weekly security newsletter

Phishers Attract Steam Gamers with Free Games

The rising popularity of online digital content distribution system, such as Steam or GameTap, has led cyber criminals to target the users of these sites by enticing them with fake promises. The prime objective of criminals is to make them reveal their personal data.

Actually, this is how the users of Valve Corporation, a popular Steam digital delivery network, fell victim to a phishing scam.

According to security researchers, the users of Steam received a message from a fake email ID with "support@steamcommunity" URL. The message directed the users to visit Steam Community homepage to claim their gift. When the users clicked on the link, they were redirected to a site that resembled the legitimate Steam Community website, but was actually a counterfeit.

But when a person enters his/her userID and pass code, the website takes that data and gives it to phishers to exploit it for their malevolent intentions. The address itself spills the beans, it reads: http://h1.ripway.com/steamedcommunity instead of "https://steamcommunity.com."

As a matter of fact, the phishing was detected by several vigilant users who discovered that the official URL didn't begin with "http", which is the sign of a secured site.

Meantime, Valve Corporation has started alerting its Steam users to be careful of these scams and has cautioned them many times in the past that the network would never request them to disclose their username or password over the net. The firm (Valve) has also advised Steam account owners to go to the support page which provides valuable tips on maintaining safety of their account. When everything has failed, users who have been victimized by the phishing scam and had their user account hacked by bots can go to this page for recovering it.

Apparently, as phishing scams arrive in various forms, a few even penetrate instant messengers. But this attempt along with the lure of a complimentary game is sufficient to make people careful, indicate the security analysts. It seems that most skilled gamers recognized there was something wrong about the email and ignored it, while some had their private information stolen by the phishers.